Abstract: A targeted cyber attack uses sophisticated techniques, employing malware to exploit vulnerabilities in systems, while an external command and control continuously monitors and extracts data from a specific target. Because this attack process operates continuously and uses diverse malicious code and attack routes, it is considered difficult to detect in advance. In this paper, we categorized targeted cyber attacks into four steps and defined the potential behaviors of those involved, such as attackers or victims, in order to build a model. Each behavior in our model can include a couple of methods. Furthermore, we applied our behavior-based model to two real targeted attacks, the “3.20 South Korean Malware Attack” and “The Targeted Attack for SK Communications”.